Navigation

← Previous Changeset
Next Changeset →

Changeset 234

Timestamp:

08/08/08 15:52:07 (4 months ago)

Author:

slawrence

Message:

Replace rpmify script with a make file for creating selinux policy and clip rpms.
Update make files and clip spec file to install files in the correct locations (not /usr/share/clip).
No longer use the installer.in script for post rpm install changes, everything is installed by the rpm now.
Update policy spec files to obey the checkpolicy version number for BuildRequires?. A commented out if/else was breaking things.
Update README with build steps and dependencies.
Add make file for building selinux toolchain rpms.

Files:

trunk/RHEL5.2/Makefile (modified) (2 diffs)
trunk/RHEL5.2/README (modified) (1 diff)
trunk/RHEL5.2/RPM/clip.spec (modified) (3 diffs)
trunk/RHEL5.2/build (added)
trunk/RHEL5.2/build/Makefile (added)
trunk/RHEL5.2/conf/audit/Makefile (modified) (1 diff)
trunk/RHEL5.2/conf/pam/Makefile (modified) (1 diff)
trunk/RHEL5.2/refpolicy/conf/selinux-policy-modular.spec (modified) (2 diffs)
trunk/RHEL5.2/refpolicy/conf/selinux-policy-monolithic.spec (modified) (2 diffs)
trunk/RHEL5.2/rpmify (deleted)
trunk/RHEL5.2/scripts/Makefile (modified) (2 diffs)
trunk/RHEL5.2/scripts/wrappers/scripts (modified) (1 diff)
trunk/RHEL5.2/selinux-usr/Makefile (added)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

trunk/RHEL5.2/Makefile

r174	r234
8	8	export KSDIR=$(SHAREDIR)/kickstart
9	9	export CONFDIR=$(SHAREDIR)/conf
10		export MANDIR=$(~~SHAREDIR)~~/man/man8
	10	export MANDIR=$(PREFIX)/share/man/man8
11	11
12	12	install: $(SUBDIRS)
…	…
15	15	done
16	16	test -d $(DESTDIR)$(KSDIR) \|\| install -m 755 -d $(DESTDIR)$(KSDIR)
17		~~test -d $(DESTDIR)$(CONFDIR) \|\| install -m 755 -d $(DESTDIR)$(CONF~~DIR)
18		~~install -m 644 kickstart/* $(DESTDIR)$(KS~~DIR)
	17	install -m 644 kickstart/clip.ks $(DESTDIR)$(KSDIR)
	18	#test -d $(DESTDIR)$(CONFDIR) \|\| install -m 755 -d $(DESTDIR)$(CONFDIR)
19	19

trunk/RHEL5.2/README

r233	r234
1		To build RHEL 5.2 CLIP ~~instance~~ use the following steps:
	1	To build RHEL 5.2 CLIP rpms use the following steps:
2	2
3		~~1. Run rpmify~~
4	3
5		2. RPMs are copied to the RPM directory
	4	== RPM Build Steps ==
6	5
	6	* Install the following packages from the RHEL5.2 cd
	7	- audit-libs-devel
	8	- bison
	9	- byacc
	10	- flex
	11	- libcap-devel
	12	- pam-devel
	13	- python-devel
	14	- swig
	15
	16	* Update the selinux toolchain
	17	cd RHEL5.2/selinux-usr
	18
	19	make libsepol-rpm
	20	rpm -Uvh --force rpm/RPMS/$ARCH/{libsepol,libsepol-devel}-1.16.14-1.$ARCH.rpm
	21
	22	make libselinux-rpm
	23	rpm -Uvh --force rpm/RPMS/$ARCH/{libselinux,libselinux-devel,libselinux-python}-1.34.15-1.$ARCH.rpm
	24
	25	make libsemanage-rpm
	26	rpm -Uvh --force rpm/RPMS/$ARCH/{libsemanage,libsemanage-devel}-1.10.9-1.$ARCH.rpm
	27
	28	make policycoreutils-rpm
	29	rpm -Uvh --force rpm/RPMS/$ARCH/{policycoreutils,policycoreutils-newrole}-1.34.16-1.$ARCH.rpm
	30
	31	make checkpolicy-rpm
	32	rpm -Uvh --force rpm/RPMS/$ARCH/checkpolicy-1.34.7-1.$ARCH.rpm
	33
	34	* Install clip and clip selinux policy
	35
	36	cd RHEL5.2/build
	37
	38	make clip-rpm selinux-policy-clip-rpm
	39
	40	* RPMs will be located in RHEL5.2/RPM directory
	41
	42	cd RHEL5.2/RPM
	43
	44	rpm -Uvh --force clip-2.0-1.$ARCH.rpm
	45	rpm -Uvh --force selinux-policy-clip-2.0-3.noarch.rpm
	46
	47
	48
	49	== Build Dependencies ==
	50
	51	clip-2.0-1:
	52	audit-libs-devel
	53	pam-devel
	54
	55	libsepol-1.16.14-1:
	56	none
	57
	58	libselinux-1.34.15-1:
	59	libsepol-devel > 1.16.14-1
	60	swig
	61	python-devel
	62
	63	libsemanage-1.10.9-1:
	64	libselinux-devel > 1.34.15-1
	65	swig
	66	libsepol-devel > 1.16.14-1
	67	python-devel
	68	bison
	69	flex
	70
	71	policycoreutils-1.34.16-1:
	72	libsepol-devel > 1.16.14-1
	73	libsemanage-devel > 1.10.9-1
	74	libselinux-devel 1.34.15-1
	75	libcap-devel
	76	audit-libs-devel
	77
	78	checkpolicy-1.34.7:
	79	byacc
	80	flex
	81	libsepol-devel > 1.16.14-1
	82	libselinux-devel
	83
	84	selinux-policy-clip-2.0-3:
	85	checkpolicy >= 1.34.7
	86

trunk/RHEL5.2/RPM/clip.spec

r217	r234
7	7	Source0: %{name}-%{version}-%{release}.tar.gz
8	8	BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
	9	BuildRequires: audit-libs-devel pam-devel
9	10
10	11	%define debug_package %{nil}
…	…
17	18
18	19	%build
19		pushd .
20		cd pam_tally3
21		make
22		popd
	20	make -C pam_tally3
23	21	pushd .
24	22	cd scripts/wrappers
25	23	./mk_wrappers
26	24	popd
	25
	26
27	27	%install
28	28	rm -rf $RPM_BUILD_ROOT
…	…
36	36	%files
37	37	%defattr(-,root,root,-)
38		/usr/share/clip/conf/audit/auditd.conf
39		/usr/share/clip/conf/audit/audit-i386.rules
40		/usr/share/clip/conf/audit/audit-x86_64.rules
41		/usr/share/clip/conf/pam/login.pam
42		/usr/share/clip/conf/pam/newrole.pam
43		/usr/share/clip/conf/pam/sshd.pam
44		/usr/share/clip/conf/pam/su.pam
45		/usr/share/clip/conf/pam/sudo.pam
46		/usr/share/clip/conf/pam/system-auth.pam
47		/usr/share/clip/kickstart/clip.ks
48		/usr/share/clip/wrappers/wrapper.c
49		/usr/share/clip/wrappers/scripts
50		/usr/share/clip/man/man8/xar.8
51		/usr/share/clip/scripts/stig-fix
52		/etc/security/pam_env.conf
	38	%config %{_sysconfdir}/audit/
	39	%config %{_sysconfdir}/pam.d/
	40	%config %{_sysconfdir}/security/pam_env.conf
53	41	/%{_lib}/security/pam_tally3.so
54	42	/usr/share/doc/pam_tally3
55	43	/sbin/pam_tally3
56	44	/usr/sbin/xar
	45	/usr/share/clip/kickstart/clip.ks
	46	/usr/share/clip/scripts/stig-fix
	47	%{_mandir}/man8/xar.8.gz
57	48	/var/cache/xar
58		/usr/sbin/protected/xar
59		/usr/sbin/protected/neat
60		/usr/sbin/protected/up2date
61		/usr/sbin/protected/semanage
62		/usr/sbin/protected/sys-unconfig
63		/usr/sbin/protected/system-config-network
64		/usr/sbin/protected/system-config-network-cmd
65		/usr/sbin/protected/system-config-network-druid
66		/usr/sbin/protected/system-config-network-tui
67		%attr(755,root,root)/usr/share/clip/installer
68		%doc
	49	/usr/sbin/protected
69	50
70	51	%post
71		~~/usr/share/clip/installer >> %log_file 2>>%log_file~~
72	52
73	53	%changelog
74		* Thu May 31 2007 Zachary Cutlip <zcutlip@tresys.com) -
	54	* Wed Aug 6 2008 Stephen Lawrence <slawrence@tresys.com> -
	55	- Install files in correct locations instead of /usr/share/clip
	56
	57	* Thu May 31 2007 Zachary Cutlip <zcutlip@tresys.com> -
75	58	-removed BuildArch directive
76	59	-added pam_tally3 to build section

trunk/RHEL5.2/conf/audit/Makefile

r217	r234
	1	ARCH=$(shell uname -i)
	2
1	3	install:
2		test -d $(DESTDIR)$(CONFDIR)/audit \| install -d -m 755 $(DESTDIR)$(CONFDIR)/audit
3		install -m 644 .conf .rules $(DESTDIR)$(CONFDIR)/audit
	4	test -d $(DESTDIR)$(SYSCONFDIR) \|\| install -d -m 755 $(DESTDIR)$(SYSCONFDIR)
	5	test -d $(DESTDIR)$(SYSCONFDIR)/audit \|\| install -d -m 755 $(DESTDIR)$(SYSCONFDIR)/audit
	6	install -m 644 auditd.conf $(DESTDIR)$(SYSCONFDIR)/audit/auditd.conf
	7	install -m 644 audit-$(ARCH).rules $(DESTDIR)$(SYSCONFDIR)/audit/audit.rules

trunk/RHEL5.2/conf/pam/Makefile

r1	r234
1	1	install:
2		test -d $(DESTDIR)$(CONFDIR)/pam \| install -d -m 755 $(DESTDIR)$(CONFDIR)/pam
3		test -d $(DESTDIR)$(SYSCONFDIR) \| install -d -m 755 $(DESTDIR)$(SYSCONFDIR)
4		test -d $(DESTDIR)$(SYSCONFDIR)/security \| install -d -m 755 $(DESTDIR)$(SYSCONFDIR)/security
5		install -m 644 *.pam $(DESTDIR)$(CONFDIR)/pam
	2	test -d $(DESTDIR)$(SYSCONFDIR) \|\| install -d -m 755 $(DESTDIR)$(SYSCONFDIR)
	3	test -d $(DESTDIR)$(SYSCONFDIR)/pam.d \|\| install -d -m 755 $(DESTDIR)$(SYSCONFDIR)/pam.d
	4	test -d $(DESTDIR)$(SYSCONFDIR)/security \|\| install -d -m 755 $(DESTDIR)$(SYSCONFDIR)/security
	5	install -m 644 login.pam $(DESTDIR)$(SYSCONFDIR)/pam.d/login
	6	install -m 644 newrole.pam $(DESTDIR)$(SYSCONFDIR)/pam.d/newrole
	7	install -m 644 sshd.pam $(DESTDIR)$(SYSCONFDIR)/pam.d/sshd
	8	install -m 644 sudo.pam $(DESTDIR)$(SYSCONFDIR)/pam.d/sudo
	9	install -m 644 su.pam $(DESTDIR)$(SYSCONFDIR)/pam.d/su
	10	install -m 644 system-auth.pam $(DESTDIR)$(SYSCONFDIR)/pam.d/system-auth
6	11	install -m 644 security/pam_env.conf $(DESTDIR)$(SYSCONFDIR)/security/pam_env.conf

trunk/RHEL5.2/refpolicy/conf/selinux-policy-modular.spec

r183	r234
1	1	%define POLICYDIR /etc/selinux/%{polname}
2	2	%define FILE_CONTEXT %{POLICYDIR}/contexts/files/file_contexts
3		%define POLICYCOREUTILSVER 1.18.1-4.7
	3	%define POLICYCOREUTILSVER 1.34.16
	4	%define CHECKPOL_VERSION 1.34.7
4	5	Summary: SELinux policy configuration for %{polname}
5	6	Name: selinux-policy-%{polname}
…	…
12	13	Group: System Environment/Base
13	14
14		~~# for now use the same checkpol versions across build distros~~
15		~~#%if %(test -f /etc/fedora-release && echo 1 \|\| echo 0) && %(rpm -q --queryformat '%{VERSION}' fedora-release) == 5~~
16		~~%define CHECKPOL_VERSION 1.30.3-1~~
17		~~#%else if %(test -f /etc/redhat-release && echo 1 \|\| echo 0) && %(rpm -q --queryformat '%{VERSION}' redhat-release) == 4WS-2~~
18		~~#%define CHECKPOL_VERSION 1.30.3-1~~
19		~~#%endif~~
20	15
21	16	BuildRoot: %{_tmppath}/%{polname}-buildroot

trunk/RHEL5.2/refpolicy/conf/selinux-policy-monolithic.spec

r183	r234
1	1	%define POLICYDIR /etc/selinux/%{polname}
2	2	%define FILE_CONTEXT %{POLICYDIR}/contexts/files/file_contexts
3		%define POLICYCOREUTILSVER 1.18.1-4.7
	3	%define POLICYCOREUTILSVER 1.34.16
	4	%define CHECKPOL_VERSION 1.34.7
4	5	Summary: SELinux policy configuration for %{polname}
5	6	Name: selinux-policy-%{polname}
…	…
12	13	Group: System Environment/Base
13	14
14		~~# for now use the same checkpol versions across build distros~~
15		~~#%if %(test -f /etc/fedora-release && echo 1 \|\| echo 0) && %(rpm -q --queryformat '%{VERSION}' fedora-release) == 5~~
16		~~%define CHECKPOL_VERSION 1.30.3-1~~
17		~~#%else if %(test -f /etc/redhat-release && echo 1 \|\| echo 0) && %(rpm -q --queryformat '%{VERSION}' redhat-release) == 4WS-2~~
18		~~#%define CHECKPOL_VERSION 1.30.3-1~~
19		~~#%endif~~
20	15
21	16	BuildRoot: %{_tmppath}/%{polname}-buildroot

trunk/RHEL5.2/scripts/Makefile

r192	r234
32	32	install -d -m 755 $(DESTDIR)/var/cache/xar
33	33
34		~~# Install wrappers~~
35		~~install -m 644 wrappers/scripts $(DESTDIR)$(SHAREDIR)/wrappers~~
36		~~install -m 644 wrappers/wrapper.c $(DESTDIR)$(SHAREDIR)/wrappers~~
37
38	34	# Install scripts
39	35	install -m 700 stig-fix/run-fixes.sh $(DESTDIR)$(SHAREDIR)/scripts/stig-fix
…	…
43	39	install -m 700 stig-fix/cat4/* $(DESTDIR)$(SHAREDIR)/scripts/stig-fix/cat4
44	40
45		~~# Patch installer~~
46		~~perl -pe s!--BASE--!$(PREFIX)/share! < $(INSTALLER).in > \~~
47		~~$(DESTDIR)$(SHAREDIR)/$(INSTALLER)~~
48
49	41	# Install wrappers
50	42	install -m 755 wrappers/protected/* $(DESTDIR)$(BINDIR)/protected

trunk/RHEL5.2/scripts/wrappers/scripts

r49	r234
2	2	/usr/sbin/system-config-network
3	3	/usr/sbin/system-config-network-cmd
4		~~/usr/sbin/system-config-network-druid~~
5	4	/usr/sbin/system-config-network-tui
6	5	/usr/sbin/sys-unconfig
7	6	/usr/sbin/semanage
8		/usr/sbin/neat
	7	/usr/sbin/neat-tui
9	8	/usr/sbin/up2date

Download in other formats:

Unified Diff
Zip Disabled

* Generating other formats may take time.